New Research: Supply Chain Attack on Axios Pulls Malicious Dependency from npm.Details
Socket
Book a DemoSign in
Socket
Book a DemoSign in

r9stack

Package Overview
Dependencies
Maintainers
1
Versions
3
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

r9stack

CLI tool that scaffolds opinionated SaaS projects with a fully functional walking skeleton

latest
Source
npmnpm
Version
0.5.0
Version published
Maintainers
1
Created
Source

r9stack

A CLI that scaffolds opinionated SaaS projects with a fully functional walking skeleton—a complete frontend, backend, and database stack with auth pre-integrated.

Status

🚀 Available on npm - Install with npx r9stack@dev

FeatureStatus
TanStack Start + React 19✅ Working
Starter-based architecture✅ Working
shadcn/ui + Tailwind CSS✅ Working
Convex backend✅ Working
WorkOS auth✅ Working
Flight Rules docs✅ Working
GitHub repo creation✅ Working
Vercel deployment📋 Planned
Stripe payments📋 Post-V1

Why r9stack?

Agentic coding has dramatically accelerated feature development, but initial project setup—configuring the frontend framework, wiring up the backend and database, integrating auth providers—remains tedious and error-prone.

r9stack eliminates this friction. Run a single command and have a scaffolded full-stack project in minutes.

Architecture

r9stack uses TanStack Start's starter system to create projects:

  • CLI invokes TanStack Start with a --starter flag pointing to a hosted starter.json
  • TanStack Start creates the project and applies r9stack customizations
  • CLI guides post-creation setup for Convex, WorkOS, and optional GitHub/Vercel integration

Tech Stack

LayerTechnologyDescription
FrameworkTanStack StartFull-stack React framework with SSR and server functions
UI LibraryReact 19Declarative UI with the latest React features
LanguageTypeScriptType-safe JavaScript for reliable code
StylingTailwind CSS 4Utility-first CSS framework
BuildViteLightning-fast build tool and dev server
BackendConvexReal-time backend with automatic sync
AuthWorkOS AuthKitEnterprise-ready SSO and MFA
Sessionsiron-sessionEncrypted cookie-based sessions
Componentsshadcn/uiBeautiful, accessible Radix-based components

Getting Started

# Create a new project
npx r9stack@dev init my-project

Local Development

# Clone the repository
git clone https://github.com/ryanpacker/r9stack.git
cd r9stack

# Install dependencies and build
npm install
npm run build

# Link globally for testing
npm link

# Create a new project
r9stack init my-project

Usage

# Interactive mode - prompts for project name and options
npx r9stack@dev init

# Provide project name directly
npx r9stack@dev init my-awesome-app

# Non-interactive with defaults (installs Flight Rules, skips GitHub)
npx r9stack@dev init my-awesome-app --yes

# Create with GitHub repo
npx r9stack@dev init my-awesome-app --yes --github

# Create public GitHub repo
npx r9stack@dev init my-awesome-app --github --public

# Skip Flight Rules installation
npx r9stack@dev init my-awesome-app --no-flight-rules

# Use a specific starter
npx r9stack@dev init my-awesome-app --starter standard

# List available starters
npx r9stack@dev --starter-list

# View help
npx r9stack@dev init --help

CLI Options

FlagDescription
-y, --yesSkip confirmation prompts
-s, --starter <id>Use a specific starter (e.g., 'standard')
--no-flight-rulesSkip Flight Rules installation
--githubCreate GitHub repository
--no-githubSkip GitHub repository creation
--privateMake GitHub repository private (default)
--publicMake GitHub repository public

The CLI will:

  • Fetch the latest starter template from GitHub
  • Create your project using TanStack Start
  • Replace project name placeholders in generated files
  • Install Flight Rules documentation framework
  • Optionally create a GitHub repository and push initial commit
  • Guide you through post-creation setup (Convex, WorkOS)

What Gets Generated (V1 Target)

Running npx r9stack@dev init will create a project with:

my-project/
├── .flight-rules/          # Flight Rules documentation framework
│   ├── AGENTS.md           # Agent guidelines
│   ├── commands/           # Coding session workflows
│   └── doc-templates/      # Documentation templates
├── convex/
│   ├── _generated/         # Auto-generated by Convex
│   ├── schema.ts           # Database schema
│   └── messages.ts         # Demo Convex functions
├── public/
│   └── images/             # App logos and assets
├── src/
│   ├── components/
│   │   ├── ui/             # shadcn components
│   │   ├── AppShell.tsx    # Application shell
│   │   ├── Sidebar.tsx     # Collapsible sidebar
│   │   ├── NavGroup.tsx    # Navigation group
│   │   ├── NavItem.tsx     # Navigation item
│   │   └── UserMenu.tsx    # Auth-aware user menu
│   ├── lib/
│   │   ├── auth.ts         # Auth types
│   │   ├── auth-client.ts  # Client-side auth context
│   │   ├── auth-server.ts  # Server-side auth (iron-session)
│   │   └── utils.ts        # Utilities (cn helper)
│   ├── routes/
│   │   ├── __root.tsx      # Root layout with providers
│   │   ├── index.tsx       # Public landing page
│   │   ├── auth/           # Auth flow routes
│   │   │   ├── sign-in.tsx
│   │   │   ├── callback.tsx
│   │   │   └── sign-out.tsx
│   │   └── app/            # Protected routes
│   │       ├── route.tsx   # Auth guard + AppShell
│   │       ├── index.tsx   # Authenticated home
│   │       └── demo/       # Demo pages
│   └── styles.css          # Tailwind + shadcn styles
├── .env.example
├── components.json         # shadcn configuration
├── package.json
├── tsconfig.json
└── vite.config.ts

Route Structure

  • / — Public landing page
  • /auth/* — Authentication flow (sign-in, callback, sign-out)
  • /app/* — Protected routes (requires authentication)

Manual Setup Required

After scaffolding, you'll need to:

  • Set up WorkOS — Create account at https://workos.com, configure redirect URI
  • Set up Convex — Run npx convex dev to create project and authenticate
  • Add environment variables — Copy .env.example to .env.local and fill in credentials

Project Structure

r9stack/
├── src/                    # CLI source code
├── starters/
│   └── standard/           # r9-starter-standard source
├── tests/
│   ├── e2e/               # End-to-end tests
│   └── output/            # Test output (gitignored)
├── docs/
│   ├── prd.md             # Product requirements
│   ├── implementation/    # Implementation specs
│   └── ...
└── dist/                  # Compiled CLI

Documentation

License

Apache 2.0 - See LICENSE for details.

Keywords

cli
scaffold
tanstack
convex
saas
starter

FAQs

Package last updated on 22 Mar 2026

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

Axios Supply Chain Attack Reaches OpenAI macOS Signing Pipeline, Forces Certificate Rotation

Security News

Axios Supply Chain Attack Reaches OpenAI macOS Signing Pipeline, Forces Certificate Rotation

OpenAI rotated macOS signing certificates after a malicious Axios package reached its CI pipeline in a broader software supply chain attack.

By Sarah Gooding  -  Apr 11, 2026
Don't Kill the Goose That Lays the Golden Eggs

Security News

Don't Kill the Goose That Lays the Golden Eggs

Open source is under attack because of how much value it creates. It has been the foundation of every major software innovation for the last three decades. This is not the time to walk away from it.

By Sarah Gooding  -  Apr 10, 2026
Feross on TBPN: How North Korea Hijacked Axios

Security News

Feross on TBPN: How North Korea Hijacked Axios

Socket CEO Feross Aboukhadijeh breaks down how North Korea hijacked Axios and what it means for the future of software supply chain security.

By Sarah Gooding  -  Apr 08, 2026